Chrome Remote Desktop plug-in vulnerability?

Discussion in 'other software & services' started by Daveski17, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    I was just over at Planet Iron & noticed this about the Chrome Remote Desktop BETA app. Meanwhile; in about:plugins, Chrome & Iron do indeed have a 'Remoting Viewer' plug-in. Does anyone actually bother to disable this particular plug-in or am I unnecessarily being paranoid?
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I wonder if I'm the only one that feels that Chrome is going the way of Opera, adding things that really don't belong in a browser. How long until Chrome has a built in torrent client? They can always, you know, slow down development a bit, it's not the end of the world.
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Indeed. There are things, judging by what many Google Chrome users report, that still need to be fine tuned. They should focus on these problems, rather than adding more code to the browser; specially code that has nothing to do with browsing.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Because Chrome is now an OS they need things like this.

    1) This is an extension
    2) Windows has something just like this built in
    3) I don't see how it would be vulnerable. I'd assume that traffic is encrypted (like windows) and you need to enter in usernames/passwords + codes to get into someone's computer. If it's like teamviewer that code is randomly generated just before the session and it expires if not used.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's the problem. There should be a distinction between the browser and the OS.

    And, Google Chrome (not sure if the stable version has it already) and Chromium do have a Remoting Viewer plugin. Whether or not they'll add more remoting functionality in the future to the browser itself, we don't know.

    Unfortunately, separating the browser and OS would probably take them more time, and time is money.

    But, that still doesn't change the fact that remoting has no place in Google Chrome. Google Chrome is not an OS. It's a browser. There's an operating system that is owned by Google named Google Chrome O.S, which is a web browser O.S, based on Google Chrome. Two separate things.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's not built into the browser it's an extension.

    There's something called "Cromoting" that's been developers only for a long long time. Users don't know what it is as far as I know.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    What's an extension? Remoting Viewer is a plugin that I'm able to see in Chromium under chrome://plugins. Are you telling me I'm imagining things? :eek: :D
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    OK. But, the user who started the thread also mentioned Remoting Viewer, which is a plugin.

    That plugin is there (it is installed with Chromium/Chrome) to work with Chrome Remote Desktop.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Is it? So that plugin runs when you use the extension? Never noticed - haven't checked.

    But is the problem just "boo attack surface" or something else?
     
  11. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    That'd be the kiss of death for Google!
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, OK. Should I disable the plug-in or not though? :)
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Google for Google Chrome Remoting Viewer plugin. You should get a few hits for Google's support forum. One of those will probably show it to you.

    BUT, since I'm a nice person, there you go -https://www.google.com/support/forum/p/Chrome/thread?tid=358ee2503e036472&hl=en :D

    Do you feel it's a problem? If you don't, then it isn't. If you feel it is, then it is. ;)
     
  14. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    407
    The only plugins i have enabled are flash and pdf, but this remote desktop plugin is an actual .dll file? I can not see the path in about:plugins
     
  15. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    When I look more closely in about:plugins all I see is:

    Remoting Viewer
    Name: Remoting Viewer
    Version:
    Location: internal-remoting-viewer
    Disable
    MIME types:
    MIME type Description File extensions
    application/vnd.chromium.remoting-viewer
    .
    pepper-application/x-chromoting
     
  16. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    407
    That's what i see too. After reading the thread i was about to delete it, but i guess i'll just keep it disabled lol
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't, I'm just wondering if/why anyone else does.

    The plugin's been around wayyyy longer than the extension. I guess the plugin's just some kind of backend.
     
  18. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    10,239
    Location:
    Lloegyr
    Yes, that's probably wise. I didn't want to start a panic when I started the thread, I was just curious. ;)
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It could potentially be exploited but I wouldn't worry about it since it doesn't run by default.

    If you don't use any desktop remotes just disable it.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.